Even though string extraction is an excellent technique to harvest valuable information, often malware authors obfuscate or armor their malware binary. Obfuscation is used by malware authors to protect the inner workings of the malware from security researchers, malware analysts, and reverse engineers. These obfuscation techniques make it difficult to detect/analyze the binary; extracting the strings from such binary results in very fewer strings, and most of the strings are obscured. Malware authors often use programs such as Packers and Cryptors to obfuscate their file to evade detection from security products such as anti-virus and to thwart analysis.
5. Determining File Obfuscation
5.1 Packers and Cryptors
A Packer...